通过docker外nginx转发discourse服务

docker
nginx
discourse

#1

为什么要通过docker外的nginx转发discourse的服务呢?因为docker下的nginx修改比较麻烦,如果要在同一台服务器运行discourse论坛外,再放一些其他网站的话,还是在docker外在跑一个nginx比较合适。

修改discourse配置

首先你需要修改discourse的配置文件app.yml,改变默认将docker的80映射至服务器80的配置,如果你的论坛设置了443的话,最好也改一下。

expose:
  - "8888:80"   # http
#  - "8443:443" # https

将docker的80端口映射到8888端口,如果未启用https的话将443端口映射注释掉,否则也改一下映射,端口根据需要自己定,和后面nginx的配置保持一致就可以。

重新构建discourse:

sudo ./launcher rebuild app

服务器安装nginx

sudo add-apt-repository ppa:nginx/stable -y
sudo apt-get update && sudo apt-get install nginx

安装了最新的nginx。现在为discourse配置nginx反向代理。

删除nginx默认的网站配置文件:

sudo rm /etc/nginx/sites-enabled/default.conf

http站配置

创建/etc/nginx/sites-enabled/discourse.conf,配置如下信息:

# upstream指向docker里的discourse,8888为docker的80映射端口
upstream discourse {
  server 127.0.0.1:8888 fail_timeout=0;
}

server {
  listen 80; listen [::]:80;
  server_name yourdomain.com;

  location / {
    proxy_pass http://discourse;
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

# 服务器上你的其他网站配置
...

https站配置

带https可以这样提供全站https:

upstream discourse {
  server 127.0.0.1:8443 fail_timeout=0;
}

server {
	listen 80;
	server_name youdomain.com;
	return 301 https://$server_name$request_uri;
}

server {
	listen       443 ssl;
	server_name yourdomain.com;

	ssl_certificate      /etc/letsencrypt/live/youdomian.com/fullchain.pem;
	ssl_certificate_key  /etc/letsencrypt/live/youdomian.com/privkey.pem;

	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout  5m;
	ssl_ciphers  HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers   on;

	access_log /var/log/nginx/youdomian.com.access.log;
	error_log /var/log/nginx/youdomian.com.error.log;

	location / {
			# cache 优化
          	proxy_buffering             on;
          	proxy_buffer_size           16k;
          	proxy_buffers               24 8k;
          	proxy_busy_buffers_size     16k;
          	proxy_temp_file_write_size  32k;
          	proxy_connect_timeout       7s;

	  	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    	  	proxy_set_header Host $http_host;
    	  	proxy_redirect off;
	  	    proxy_pass https://fastinit;
	}
}

配置玩之后重启nginx

sudo systemctl restart nginx.service

排错

如果有问题的话先查看下nginx的错误日志:

cat /var/log/nginx/youdomian.com.error.log

或者检查一下discourse的运行日志:

cat /var/discourse/shared/standalone/log/rails/production.log

#2

涨姿势……学习了